package com.myFwk.config.resource;

import org.springframework.core.io.ClassPathResource;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.jwt.crypto.sign.RsaVerifier;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.util.FileCopyUtils;

import java.io.IOException;

/**
 * @Title:
 * @Description:
 * @Author: guowl
 * @version： 1.0
 * @Date:2021/8/30
 * @Copyright: Copyright(c)2021 RedaFlight.com All Rights Reserved
 */
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    public ResourceServerConfig() {
        super();
    }

    /**
     * 设置公钥
     *
     * @param resources
     * @throws Exception
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.tokenStore(jwtTokenStore());
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .sessionManagement().disable()
                .authorizeRequests().antMatchers("/v2/api-docs",
                "/swagger-resources/configuration/ui",
                "/swagger-resources",
                "/swagger-resources/configuration/security",
                "/webjars/**",
                "/swagger-ui.html",
                "/admin/login",
                "/test/testThread",
                "/authorization-server/**").permitAll()
                .antMatchers("/**")
                .authenticated()
                .and()
                .headers()
                .cacheControl();

    }


    private TokenStore jwtTokenStore() {
        JwtTokenStore jwtTokenStore = new JwtTokenStore(accessTokenConverter());
        return jwtTokenStore;
    }

    public JwtAccessTokenConverter accessTokenConverter() {
        //资源服务器验证token的公钥，授权服务器产生token的私钥
        JwtAccessTokenConverter tokenConverter = new JwtAccessTokenConverter();
        String publicKey = null;
        try {
            //获取公钥信息
            ClassPathResource classPathResource = new ClassPathResource("myframwork.txt");
            byte[] bytes = new byte[0];
            bytes = FileCopyUtils.copyToByteArray(classPathResource.getInputStream());
            publicKey = new String(bytes, "UTF-8");
        } catch (IOException e) {
            e.printStackTrace();
        }
        //  tokenConverter.setVerifierKey(publicKey); 这一种方式是错误的，解析token的会出现异常
        tokenConverter.setVerifier(new RsaVerifier(publicKey));
        return tokenConverter;
    }

}
